[Aftld-members] [ccnso-council] DAAR Activity Project: Now Providing Personalized Monthly Reports for ccTLDs

Barrack Otieno barrack at aftld.org
Mon Jan 25 05:30:17 EAT 2021 


For those interested.

Announcement:
https://www.icann.org/news/blog/daar-activity-project-now-providing-personalized-monthly-reports-for-cctlds
[1]

In order to expand the effectiveness of Domain Abuse Activity Reporting
(DAAR) for the community, in November 2019, country code top-level
domains (ccTLDs) were invited to participate in the DAAR system designed
by ICANN's Office of the Chief Technology Officer (OCTO). ccTLDs could
volunteer to participate by sharing their zone files. These zone files
would only be used in the DAAR system and would not be used or shared
for any other purpose or in ICANN's Centralized Zone Data Service
(CZDS). Every ccTLD that joined the project would be able to receive
DAAR data on a daily basis via ICANN's Monitoring System API (MoSAPI
[2]).

  In July 2020, I published a blog [3] announcing that several ccTLDs
were voluntarily participating in the DAAR system. To date, 12 ccTLDs
have joined this effort. This not only benefits the DAAR system by
allowing a broader spectrum of domains and therefore better indication
of security threat concentrations, but we expect it to also provide
significant benefits to the ccTLD community.

  We are now providing customized monthly reports to the participating
ccTLDs. These reports contain analytics specifically based on the data
submitted by each ccTLD, and are only shared with them. In each report
ccTLD-related statistics are shown with all the other ccTLDs and generic
TLDs (gTLDs) being anonymized. The intention of these personalized
reports is to help ccTLDs understand where they stand in terms of the
security threat data listed by Reputation Block Lists (RBLs) in
comparison to other TLDs. These documents are a supplement to the DAAR
reports published monthly and daily scores.

  ABOUT DAAR

  ICANN's DAAR system is used to study and report on domain name
registration and security threat behavior across top-level domain (TLD)
registries. The domain name data is obtained from zone files to which
ICANN has access. The threat data is obtained from a curated list of
Domain Name System (DNS) RBL providers. For each gTLD, DAAR provides raw
counts and scores of security threats based on what is listed in the
RBLs we use to identify phishing, malware, spam, and botnet
command-and-control threats via ICANN's MoSAPI [2]. DAAR reports go as
far back as 2018 and can be found here [4].

  The data being collected by the DAAR system is helping ICANN org and
the community to facilitate discussions on security threat trends over
time. Through the MoSAPI, individual registries can compare their DAAR
data against the aggregate data for all registries in the DAAR system.
Even in its anonymous form, the data has incentivized multiple large
contracted parties to enhance their own anti-abuse measures and
frameworks. Furthermore, independent researchers are adopting our
methodology and producing measurements that help enhance the community's
understanding of the DNS security threats landscape.

  What Comes Next

  It's important to note that these initial personalized reports shared
with participating ccTLDs are still considered drafts. To continue to
produce regular reports and improve features, we are asking the
volunteer ccTLDs to review the reports and share their feedback with us.


  We sincerely appreciate and thank the ccTLDs who have volunteered to
join DAAR. We hope the personalized monthly reports are useful and that
feedback from the ccTLDs will help improve DAAR for the community.

  Finally, in order to generate more accurate and reliable analyses and
comparisons within the DAAR system, more ccTLD participation is
desirable. We encourage all ccTLDs to learn about the benefits of
participating in the DAAR system for themselves and the community.

  For discussions regarding DAAR project data-sharing and any other
measurement of DNS security threats and abuse-related topics, please
join the DNS-Abuse-Measurements [5] mailing list or visit the DAAR
webpage: https://www.icann.org/octo-ssr/daar [4].




Links:
------
[1] 
https://www.icann.org/news/blog/daar-activity-project-now-providing-personalized-monthly-reports-for-cctlds
[2] https://www.icann.org/mosapi
[3] 
https://www.icann.org/news/blog/country-code-top-level-domain-participation-in-icann-s-domain-abuse-activity-reporting-system
[4] https://www.icann.org/octo-ssr/daar
[5] https://mm.icann.org/mailman/listinfo/dns-abuse-measurements
_______________________________________________
Ccnso-council mailing list
Ccnso-council at icann.org
https://mm.icann.org/mailman/listinfo/ccnso-council
_______________________________________________
By submitting your personal data, you consent to the processing of your 
personal data for purposes of subscribing to this mailing list 
accordance with the ICANN Privacy Policy 
(https://www.icann.org/privacy/policy) and the website Terms of Service 
(https://www.icann.org/privacy/tos). You can visit the Mailman link 
above to change your membership status or configuration, including 
unsubscribing, setting digest-style delivery or disabling delivery 
altogether (e.g., for a vacation), and so on.

-- 
Barrack Otieno

General Manager

Africa Top Level Domains Organization

+254721325277

www.aftld.org

'The Regional Association of African ccTLDs

More information about the Aftld-members mailing list